Security and privacy

How Myra protects your data, your customers, and your team.

Security is not a feature at Myra; it is the foundation of everything we build. We understand that you trust us with your most sensitive business data and your customer relationships. We honor that trust with enterprise-grade security controls and a "Privacy-First" engineering culture.

Infrastructure and Physical Security

Myra is hosted on world-class cloud infrastructure (Amazon Web Services and Google Cloud Platform).

  • Physical Security: Our data centers are protected by 24/7 biometric access controls, armed guards, and video surveillance. They are certified to SOC 2 Type II and ISO 27001 standards.
  • Data Residency: By default, data is stored in the region where your account was created (e.g., UK-based businesses have their data stored in London). We offer dedicated regional hosting for enterprise clients with strict compliance needs.
  • Network Isolation: Our production environment is protected by multiple layers of firewalls and VPC (Virtual Private Cloud) isolation. We use Web Application Firewalls (WAF) to protect against DDoS attacks and SQL injection.

Data Protection and Encryption

Your data is protected at every stage of its journey.

  • In Transit: All data moving between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HSTS (HTTP Strict Transport Security), which instructs browsers to connect to Myra over HTTPS only, to prevent "Man-in-the-Middle" attacks that downgrade a connection to plain HTTP.
  • At Rest: All databases, file storage, and backups are encrypted using AES-256. This means that even in the unlikely event of physical theft, your data remains unreadable.
  • Encryption Key Management: We use hardware security modules (HSMs) to manage and rotate encryption keys.

User Access and Authentication

We provide you with the tools to secure your own team's access.

  • Multi-Factor Authentication (MFA): We strongly recommend all users enable MFA via TOTP apps (like Google Authenticator or 1Password). This adds a second layer of security beyond just a password.
  • Single Sign-On (SSO): Enterprise teams can integrate Myra with their existing identity providers (Okta, Azure AD, OneLogin) via SAML 2.0.
  • Role-Based Access Control (RBAC): Don't give everyone "Admin" rights. Create custom roles with "Least Privilege" access. For example, a "Virtual Assistant" role might be able to see contacts but not export them or view financial reports.
  • Session Management: Admins can view all active sessions for their workspace and remotely "Log Out" any suspicious device with one click.

Privacy and Compliance

Myra is designed to help you meet your global privacy obligations.

  • GDPR & UK GDPR: We are fully compliant with European and UK data protection laws. We act as a "Data Processor" for your customer data. Our Data Processing Agreement (DPA) is available for all customers to sign.
  • Right to be Forgotten: If a customer asks to be deleted, our "Permanent Scrub" feature ensures every trace of their personal data is removed from our database and backups within the legal timeframe.
  • Privacy-by-Design: We never sell your data. We never use your customer data to train public AI models. Your business data belongs to you, and you can export it and leave the platform at any time.

Monitoring and Incident Response

  • 24/7 Monitoring: Our security team monitors our infrastructure around the clock for any signs of suspicious activity.
  • Audit Logs: Every "State Change" in your workspace is logged. You can see who logged in, who edited a contact, and who exported a report, including their IP address and timestamp.
  • Vulnerability Disclosure: We maintain a "Responsible Disclosure" policy. If you are a security researcher and find a bug, we encourage you to report it to us; we investigate all reports within 24 hours.

Business Continuity

  • Automated Backups: We take "Point-in-Time" backups of your database every hour. Backups are stored in a geographically separate region from our primary data center.
  • Disaster Recovery: We regularly test our disaster recovery plan to ensure we can restore service within minutes in the event of a major regional outage.

Security Checklist for Admins

To maximize your account security, we recommend the following:

  1. Enforce MFA: Make 2FA mandatory for all team members in the Security Settings.
  2. Audit Permissions: Every 90 days, review your "Users" list and remove any former employees or unnecessary roles.
  3. Use API Tokens Wisely: Never share your API tokens in public forums or unencrypted messages. Use "Scoped" tokens rather than "Full Access" tokens.
  4. Educate Your Team: Remind your staff that Myra support will never ask for their password.

FAQs

Is Myra SOC 2 certified?
Our underlying infrastructure providers (AWS/GCP) are SOC 2 certified. Myra is currently undergoing its own SOC 2 Type II audit.

Where is my data physically located?
For UK customers, data is located in AWS London (eu-west-2). For EU customers, it is in Frankfurt (eu-central-1). For US customers, it is in North Virginia (us-east-1).